Penetration

The ability to manipulate the DOM at the client-side without notifying the vulnerable web application, persist at the client-side using HTML 5.0 Application Cache and Local Storage, mutate to serve as a zombie in command and control environment and finally escalate privilege to code execution.